Research
PyPI Package Impersonates SymPy to Deliver Cryptomining Malware
Malicious PyPI package sympy-dev targets SymPy users, a Python symbolic math library with 85 million monthly downloads.
By Kirill Boychenko -  Jan 21, 2026
🚀 Launch Week Day 2:Introducing Custom Tabs for Org Alerts.Learn More →
dependency-status
Advanced tools
dependency-status
Check whether your public npm dependencies (or private github dependencies) are up-to-date
dependency-status
Check whether your public npm dependencies (or private github dependencies) are up-to-date
npm install dependency-status
Usage
Simply call dependency-status with module or github repository name
var check = require('dependency-status');
check('dependency-status', function(err, report) {
console.log(report);
});
The above result will look like this
{
name: 'dependency-status',
version: '0.1.0',
dependencies: [{
name: 'request',
latest: '2.34.0',
used: '^2.34.0',
status: 'latest'
}, {
...
}]
}
The status of each dependency can be up-to-date or outdated.
You can also use dependency-status if your node project is not on npm but only on github (like an app).
Simply pass username/repository to the function
check('my-github-username/my-repo', callback);
If your repository is private you need to pass credentials as well as the second parameter
check('my-user/my-private-repo', {
username: 'this-user-has-read-access-to-the-repo',
password: 'this-is-his-password'
}, callback);
If you pass a credentials map you can also check the status of your modules private github dependencies
License
MIT
FAQs
Check whether your public npm dependencies (or private github dependencies) are up-to-date
The npm package dependency-status receives a total of 3 weekly downloads. As such, dependency-status popularity was classified as not popular.
We found that dependency-status demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Jul 2014
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Tabs for Org Alerts
Create and share saved alert views with custom tabs on the org alerts page, making it easier for teams to return to consistent, named filter sets.
By André Staltz -  Jan 20, 2026
Product
Rust Support in Socket Is Now Generally Available
Socket’s Rust and Cargo support is now generally available, providing dependency analysis and supply chain visibility for Rust projects.
By Trevor Norris -  Jan 19, 2026